
TLS ROBOT Vulnerability Detected Vuln 4

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vuln 4
OpenSSL Multiple Remote Security Vulnerabilities Practice 4
EOL/Obsolete Software: Microsoft Internet Information Services (IIS) 6.x Detected Vuln 5
EOL/Obsolete Software: Microsoft IIS 7.5 Detected Practice 5
EOL/Obsolete Software: Apache HTTP Server 2.2.x Detected Practice 5
OpenSSL Security Update (OpenSSL Security Advisory 20210325) Practice 4
OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20160128) Practice 4
Apache httpd Server Information Disclosure Vulnerability (OptionsBleed) Practice 4
Apache HTTP Server mod_mime Buffer Overread Practice 4
OpenSSL Diffie-Hellman Weak Encryption Vulnerability (Logjam) Practice 4
OpenSSL Weak RSA Key Exchange Vulnerability Practice 4
OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20150319) Practice 4
OpenSSL BASE64 Decode Integer Underflow Vulnerability Practice 4
OpenSSL Multiple Security Advisories (secadv_20160503) Practice 4
SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability Vuln 4
Pulse Connect Secure Multiple Security Vulnerabilities (SA44101) Vuln 4
Apache HTTP Server Privilege Escalation From Modules Scripts Practice 4
CVE-2017-6168, CVE-2017-17 ROBOT 101901, 10219
CVE-2020-3452 cisco-sa-asaftd-ro-path-KJuQhB86
CVE-2014-0224, CVE-2014-02 OpenSSL Security Advisory [05 Jun 2014] 66363, 67898,
CVE-2017-7269
IIS 7.5 End of Life
CVE-2014-0098, CVE-2013-643
Apache httpd 2.2.34 43673, 40827,
CVE-2021-3449, CVE-2021-34 OpenSSL Security Advisory 20210325
CVE-2016-0701, CVE-2015-31 OpenSSL Security Advisory 20160128 91787, 82237,
CVE-2017-9798 Apache httpd 2.4.28 100872, 10559
CVE-2017-7679 Apache httpd 2.4.26, Apache httpd 2.2.34 99170
CVE-2015-4000 OpenSSL Security Advisory [11 Jun 2015] 74733, 91787
CVE-2015-0204 OpenSSL Security Advisory [19 March 2015] 91787, 71936
CVE-2015-0286, CVE-2015-02 OpenSSL Security Advisory [19 Mar 2015] 73225, 73237,
CVE-2015-0292, CVE-2014-81 OpenSSL Security Advisory [19 March 2015], , 73228, 75159
CVE-2016-2107, CVE-2016-21 OpenSSL Security Advisory [3rd May 2016] 91787, 91081,
CVE-2015-0204 71936, 91787
CVE-2019-11510, CVE-2019-1 SA44101 108073
CVE-2019-0211, CVE-2019-02 Fixed in Apache httpd 2.4.39 107666
Cisco ASA Software 9.12.x through 9.12.3.11
Internet Information Services (IIS, formerly Internet Information Server) is an extensible web server created by Microsoft f
1. The scanner starts a SSL (TLSv1 session) by sending a ClientHello message to the server
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2
Cisco ASA Software 9.13.x through 9.13.1.9
The OpenSSL Project is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Sec
supports HTTP, HTTP/2, HTTPS, FTP, FTPS, SMTP and NNTP. It has been an integral part of the Windows NT family since W
2. The scanner waits for
signature_algorithms the server
extension (where to respond
it was with itsinServerhello,KeyExchange
present the initial ClientHello), andincludes
but ServerDone a message.
signature_algorithms_cert e
Cisco
from
purpose
3. Then ASA
some Software
editions
cryptography
the scanner 9.14.x
(e.g. library.
sends through
Windows
aknown 9.14.1.9
XP
ChangeCipherSpec Home edition),
message. and is not active
This message by isdefault.
out-of-order.
The
Cisco
OpenSSLTLS
dereference
OpenSSL
FTD vulnerability
will result,
Project
Software
contains is
6.2.2 also
leading
an
theoffollowing Open
through to a
Sourceas
6.2.3.15Return
crash and
toolkit
vulnerabilities: of
a Bleichenbacher's
denial
implementing of servicethe Oracle
attack.
Secure AThreat
server
Sockets (ROBOT).
is only
Layer ROBOT
vulnerable
(SSL v2/v3) allows
if
and it an
has attacker
TLSv1.2
Transport to
and
Layer obt
ren
Sec
4. Theunder
traffic fixed
configuration). version
certain
OpenSSL openssl
conditions.To
TLS will
clients reject
detect this
notthis
are6.6.x message
the
impacted bywith
vulnerable this an alert "Unexpected
ciphers
issue. should be disabled. message". The vulnerable version will att
general
Cisco
AffectedFTD purpose
Software
Versions: cryptography
6.3.x, 6.4.x, library.
6.5.x, prior to 6.6.0.1
session.
Apache
OpenSSL It
HTTP will fail
Server
contains because
is a
the followingfree of the
and missing
open-source
vulnerabilities: shared key and
cross-platform return web an alert
server "Decryption
software, failed". under
released The target wouldofbeApache
the terms vulnerab Lic
QID
-IIS 7.5Detection
OpenSSL
proceeded
Apache HTTP 1.0.2
to Logic:
the introduced
Server point where
Project the it ability
released attempted to generate
version to decrypt
2.2.34 X9.42
of style
anything.
the Apacheparameter
HTTP files as(Apache)
Server requiredin byJulyRFC2017,5114.the Thefinal
primes genera
maintenanc
Steps
Microsoft
Affected
This
contain foraVersions:
CVE-2015-0286: disabling
Internet
unauthenticated
small Thethe vulnerable
Information
ASN1_TYPE_cmp
QID detects ciphers
Services
vulnerable Web(https://qualys.secure.force.com/articles/How_To/000002963
function Server 6.x was
in crypto/asn1/a_type.c
systems by detected
requesting foron the
in target
OpenSSL
localization_inc.lua host.
fails to or perform ) the
boolean-type
portal_inc.lua files compar
via ofdirect
2.2 releases
Microsoft
OpenSSL
cause a areoffactor
ended
version
denial anticipated.
support
subgroup.
1.1.1-1.1.1j
service for
(invalid This
IIS
Furthermore,
6.0version
read on July of14,
operation ApacheOpenSSL
2015
and isand prior
principally
provides
application
to 1.0.2f
ano
crash)
will
security
further
via
by
a and default
bug fix
support
crafted
reuse
for
X.509 this
this
maintenance number
application.
certificate to
for
release.
an endpoint
life
Apache the p
Web
that u
NOTE
QID : The
Detection
particularly
The QIDofresults
release web
if
the 2.2.x services
Logic
re-used,
of "Expecting
series, file
(Authenticated)
severely system
weakens
Unexpected
although is enabled
applications
somefunction when
Messagepatches
security the
of theaffected
Alert(0x0A)" device
Diffie-Hellman
may be means
published is configured
protocol
the targetthrough such with
attempted as
December either
TLS, WebVPN
allowing
to decrypt
of 2017.and an or AnyConnec
attacker
did NOT send in som
CVE-2015-0287:
This checks
Diffie-Hellman for The
vulnerable
private2.2.xASN1_item_ex_d2i
exponent version of IIS
and decrypt in the windowsin crypto/asn1/tasn_dec.c
registry path
the underlying traffic. (CVE-2016-0701) against in OpenSSL
unsupported fails to
Windows reinitialize
Server CHOICE
2008 , and
2008 AD
R2
alert.
Apache
Note: HTTP Server is detected onwith the anhost.
to do aIISinvalid
NOTE: 6.0 servers are being
write operation exploited
by leveraging theapplication
"EXPLODINGCAN" that relies exploit.
on ASN.1 structure reuse.
The
This OpenSSL
OpenSSL
The information
Apache 1.1.0 Project
is
Module comes
out is
of an
from Open
support
mod_mime the Source
andShadow
is no
used toolkit
longer
to Brokers'
assign implementing
"Equation
receiving
content updates the
Group" Secure
of anydata Sockets
kind.adump The Layer
ofand
impact (SSL
security
of v2/v3)
these and
researchers
anissues Transport
on Zhiniang
OpenSSL Layer
Peng Sec
1.1.0 an
ACVE-2015-0289:
QID Detection
malicious
PulseDetection
QID
Apache
purpose Connect
Web client The
Logic
Secure
Logic:
Server
cryptography can PKCS7
provides
isimpacted
an
implementation
(Unauthenticated)
negotiate
open-source
library. SSLv2
secure,web ciphers in
authenticated OpenSSL
that
server. have access for remotethe
metadata
does
been not
disabled to
handle onand content
lack
the server
mobile selected
outer
and
users for
ContentInfo.
complete
from any HTTP An
SSLv2 response
attacker
web-enabledhandshakes by
can
device mapp
craft
even
to
OpenSSL
the
with
This metadata
missing
checks
provided 1.0.2
thatfor is
content
the not
values.
vulnerable
SSLv2 and trigger
version
protocol by a this
NULL
of
was issue.
IIS
not bypointer
checking
also dereference
theVPN banner on parsing.
information.
The
Pulse
The
On OpenSSL
Connect
remote
systems
OpenSSL
CVE-2015-0293:
Project
with
contains Secure
detectionthe
Athe
isis
Limit
denial
an
the
reviews
followingOpen
of
most the
directive
service
Source
widely
Apache
securityset toolkit
deployed
flawwithin adisabled
version implementing
vulnerabilities:
was found
SSL
from
'.htaccess'
in the
via
the SSL_OP_NO_SSLv2.
for the
banner
file
way and Secure
organizations
OpenSSLof the
set Sockets
HTTP
tohandled
an of(CVE-2016-3197)
Layer
any
Server.
invalid size,(SSL
HTTP
certain
acrossv2/v3)
method,
SSLv2 aand
every Transport
major
remote
messages. user
A malicious
Layer
industry.
can sendSec
Pulse
clien
purpose
request cryptography
vulnerabilities.
The authenticated
forhttpd
aboth
path to library.
detection
trigger areviews
use-after-freeApache version
memory from the
errorsuites
and command
view "httpd
potentially -v".
sensitive information from
CVE-2016-2107:
QID
In
serversDetection
Apache
Affected that
ACVE-2016-2105:
vulnerabilityVersions:
Asupport
the
MITM
TLS
attacker
Logic:(Unauthenticated)
in2.2.x before SSLv2
protocol 2.2.33 and canand use
enable
allows 2.4.xa export
a the
padding
beforecipher
man-in-the-middle
oracle
2.4.26, attack
mod_mimebytosending
attacker
decrypt
tocan
traffic
aread
downgrade one
specially whenbyte the
crafted past
vulnerable
connection
the
TLSend
SSLv2 aprocess
ofuses an AES
buffer
CLIENT-MASTER-KEY
connections
memo
when
using
CBCsm
eph
This
This vulnerability
QID
response
CVE-2015-0209:matches
header. is
An referred
overflow
vulnerable
A use-after-free to canas
versions "Optionsbleed".
occur in
based
vulnerability on EVP_EncodeUpdate()
the exposed
in the d2i_ECPrivateKey banner function
information.
function whichin is used for
crypto/ec/ec_asn1.c Base64 encoding
inclient.
OpenSSL. of binary
This cod
OpenSSL
512-bit
Affected
Apache
large amounts 1.0.2
export-grade
Versions:
HTTP prior
Server
of input to OpenSSL
cryptography,
through
data then 2.2.341.0.2f
a aswhen
and
length a
2.4.x DHE_EXPORT
through
check can overflow 2.4.27ciphersuite is enabled
resulting in a and on
heapcould a server
corruption. but not on a This vulner
private
OpenSSL
OpenSSL key parsing
1.0.1
has addedprior functions
to OpenSSL
protection (such 1.0.1r
for d2i_PrivateKey
TLS clients or EVP_PKCS82PKEY) lead to a DoS attack or memory corru
Pulse
QID Connect
Detection
CVE-2016-2106:
private keys from
Secure
LogicAn 9.0R1 - 9.0R3.3
(Un-authenticated)
overflow
untrusted can
sources. occur in the by rejecting handshakes
EVP_EncryptUpdate() with DHIfparameters
function. an attacker shorter is able to than 768 very
supply bits. large
This limiam
future
Pulse
This
The
to willrelease.
Connect
OpenSSL check
EVP_EncryptUpdate() Secure
for
Project is8.3R1
vulnerable anwithOpen- 8.3R7
versions
a Source
partial of Apache
toolkit
block then httpd
implementing
a length servercheck remotely
the Secure
can by reviewing
Sockets
overflow Layer
resulting the httpd
(SSL
in a v2/v3)
heap banner.
and Transport
corruption. Layer Sec
QID
Pulse Detection
CVE-2015-0288:
Affected
The OpenSSL
ConnectVersions:Logic
ProjectThe(Unauthenticated):
Secure function
is an
8.2R1 Open X509_to_X509_REQ
- 8.2R12 Source toolkit will crash with
implementing the a NULLSockets
Secure pointerLayer dereference
(SSL v2/v3) if theand certificate
Transport keyLayer
is invali
Secc
general
This QID
Affected purpose
CVE-2016-2109:matches
Versions: cryptography
When
vulnerable ASN.1 library.
data
versions is A
read vulnerability
based from a BIO
on the exposed has
using been confirmed
functions
banner such
informationinas OpenSSL
d2i_CMS_bio()which
underwhich the HTTP exist
a in
short ssl3_get_key_exchang
invalid
service. encoding can
OpenSSL
general
Pulse
allows
memory
In Connectversions
purpose
remote
Apachepotentially Secure
SSL
HTTP Server prior
cryptography
servers to
8.1R1
consuming
2.4 1.0.1n
to - library.
8.1R15
conduct
releases excessive A
RSA vulnerability
to
2.4.17resources EXPORT_RSA
to 2.4.38,or has been confirmed
downgrade
exhausting
with MPM event, memory.attacksin OpenSSL
and allows exist
brute-force while
worker or prefork, code executing in less-privileged processing
attacks causing base64
decry
OpenSSL
OpenSSL
string via versions
versions
certain by prior
prior
PEM to
to 0.9.8zf
1.0.2b
processing
key in
scripts
OpenSSL
The aexecuted
remote noncompliant
CVE-2016-2176: versions
SSL/TLS ASN1an
prior role.
server Strings
in-process
to 1.0.0r
is thatroutines
Affected areVersions:
scripting
vulnerable overto
that,
1024 when
interpreter)
FREAK bytes
attack
parsed
can
could
when:
by the
cause
execute anOpenSSL
arbitrarylibrary
overread in
code leadsthe
applications
with to an integer
using
privileges the ofunderflow,
X509_NAME_oneli
the parent leading
proce
can
QID cause
OpenSSL
could Detection
result
scoreboard. the OpenSSL
versions:
in server
logic:(Authenticated)
0.9.8
arbitrary
Non-Unix prior
stack
systems to
toare
data crash
0.9.8.zd,
being An Invalid
1.0.0 prior
returned
not affected. free
in to vulnerability
the1.0.0p
buffer. has been reported
and 1.0.1 prior to 1.0.1k. in DTLS which exists when DTLS pee
OpenSSL
1.The
It uses versions
"RSA+EXPORT"
ChangeCipherSpec
snmpwalk prior
and
request to
ciphers 1.0.1m
Finished
and are
oid supported;
messages,
to get the buffering
vulnerable of such
version data of may
Pulse cause
Connect an invalid
Secure free,
at resulting
scan result in a segmentation fa
CVE-2016-2178:
Affected
OpenSSL
2.The Versions:
sizeversions
of the RSA The
prior dsa_sign_setup
to 1.0.2a
public key in certificate functionisinnot crypto/dsa/dsa_ossl.c
stronger than 1024; in OpenSSL through 1.0.2h does not properly ensur
Affected
which makes Versions:
2.4.37,it2.4.35,
easier for local
2.4.38,
3.The
OpenSSL
QID temporary
Detectionversions: RSA0.9.8
2.4.34,
key prior
logic:(Unauthenticated) isusers
size 2.4.33,
to less to
than
0.9.8.za,
discover
2.4.30, 1024;
1.0.0
2.4.29,a DSA private
2.4.28, key via
2.4.27, a timing
2.4.26,
prior to 1.0.0m and 1.0.1 prior to 1.0.1h.
2.4.25,side-channel
2.4.23, 2.4.20, attack. 2.4.18, 2.4.17
Affected
4.The Versions:
temporary RSA key is stable(used multiple times);
It uses two detection with modified requests: /dana/html5acc/guacamole/ to the targets to display find the vulnerable tar
contents at scan result.
OpenSSL versions prior to 1.0.2h and 1.0.1t
QID Detection Logic (Unauthenticated):
This QID Checks for the vulnerable versions based on the exposed banner information under the HTTP service.
Only SSLv3 and TLSv1 are potentially vulnerable
Our Authenticated detection is the only detection that prints the product version information at scan result.
QID Detection Logic (Authenticated):
This QID Checks for the vulnerable versions of Apache HTTP Server based on version detected from the command.
HTTP: Apache Information Leak Vulnerability (CVE-2017-9788)
HTTP: Apache Options Memory Leak Vulnerability (CVE-2017-9798)
HTTP: Apache Server Multiple Vulnerabilities (CVE-2014-0098)
HTTP: Apache HTTP Server mod_rewrite RewriteLog Command Execution
HTTP: Apache HTTPD mod_proxy_balancer Cross Site Scripting
HTTP: Apache HTTP Server httpOnly Cookie Information Disclosure
HTTP: Oracle Java Glassfish External Statistics Impl Package Sandbox Breach
HTTP: Apache HTTPD mod_proxy_ajp Denial of Service
HTTP: Apache APR Apr_fnmatch Stack Overflow Denial Of Service
HTTP: Cisco ASA Directory Traversal Vulnerability (CVE-2020-3452) Enabled
SSL: OpenSSL ChangeCipherSpec MITM Security Bypass, SSL: OpenSSL DTLS Recursion Denial Of Service, SSL: OpenSSL DTL
HTTP: Apache Server Remote Code Execution
SSL: Client-Initiated Key Renegotiation Detected
HTTP: Apache Mod_tcl set_var Format string Vulnerability
HTTP: IIS 6.0 WebDAV Service ScStoragePathFromUrl Function Buffer O Enabled
HTTP: Cross Site Scripting Cheat Sheet
HTTP: Cross Site Scripting - Apache HTTP Server mod_negotiation Filename Handling Enabled

HTTP: Apache Options Memory Leak Vulnerability (CVE-2017-9798) Enabled

SSL: OpenSSL ASN1_TYPE_cmp Denial of Service Vulnerability Enabled

SSL: OpenSSL Oracle Padding in AES-NI CBC vulnerability Enabled

HTTP: Pulse Secure Platform Stack-Based Buffer Overflow (CVE-2019-1 Enabled


HTTP: Apache Root Privilege Escalation Vulnerability (CVE-2019-0211) Enabled
al Of Service, SSL: OpenSSL DTLS Possible Hello Message Denial Of Service, SSL: OpenSSL DTLS Hello Message DoS Vulnerability SSL: Op
DoS Vulnerability SSL: OpenSSL Dtls Reassemble Fragment Invalid Fragment Buffer Overflow SSL: OpenSSL Anonymous ECDH Denial o
nonymous ECDH Denial of Service (CVE-2014-3470)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability
HTTP: Cisco ASA Directory Traversal Vulnerability (CVE-2020-3452)
either WebVPN or AnyConnect features.
Vuln 4 CVE-2020-3452 cisco-sa-asaftd-ro-p
